SOHO : Small Office Home Office
Freeware - Opensource software tips, tricks, tweaks & fixes for managing, securing, improving the performance of SOHO Desktop, Laptop, Networks

Monday, April 2, 2012

Logwatch output as file with date

update: This post has been edited with complete instructions from installaion  and configuration to store logwatch report as a file to a location of your choice.

Logwatch 

Logwatch is a tool that will monitor your server's logs and email the administrator a digest on a daily basis.

Installation

Update your package list with:
$ sudo apt-get update
Install Logwatch with:
$ sudo apt-get install logwatch
Notes
Create a directory the Logwatch package in the repositories currently does not create, but is required for proper operation:
$ sudo mkdir /var/cache/logwatch
Configuration shouldn't be edited in the install directory (/usr/share/logwatch). Copy logwatch.conf to /etc/logwatch before editing:
$ sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
Edit logwatch.conf to put in the e-mail where you want the report sent:
MailTo = me@example.com
If you want logwatch to create a file in html format then edit logwatch.conf and make changes as below
Output  = file
Format = Html 
Detail level of the logwatch report can be Low, Med or High. Default level is Low. To change that, edit the newly copied logwatch.conf:
Detail = High
For Ubuntu systems with apache server:
sudo cp /usr/share/logwatch/default.conf/logfiles/http.conf /etc/logwatch/conf/logfiles/
Then add *combined.log files to the list

We want logwatch output as a file and to be stored on a local / remote server. In our case we will store it in the html folder to be accessed by webserver (You must secure you folder with .htaccess)
To accomplish this, first we need to write a script
$ mkdir ~/scripts
$ nano ~/scripts/logwatch_daily

Insert the below lines in the script file and save it

#!/bin/bash
test -x /usr/share/logwatch/scripts/logwatch.pl || exit 0
/usr/sbin/logwatch --output file --filename /var/cache/logwatch/$(date +%Y%m%d)-logwatch.html
chmod 644 /var/cache/logwatch/*.html
mv /var/cache/logwatch/*.html /var/www/private/logwatch/

With the above script the logwatch report will be saved in "your-domain/private/logwatch/ " Date will also be appended to the file name. You can modifiy the script to ssh transfer the file to a remote server too. Need help with this, ask your questions in the comments section.

Run the script:

Logwatch adds its script 00logwatch to /etc/cron.daily. We need to modify this for our purpose. Edit the script 00logwatch
$ sudo nano 00logwatch
Delete all the lines from the script and add the below line

#!/bin/bash
/path/to/scripts/logwatch_daily
exit 0

Done...

Every time logwatch generates a report, it is stored in the path specified by the script. You can also get the reports emailed directly to your mailbox. But with this method we can access the logs from the server and look for any report. Also this is a best solution for centralized log collection and monitoring.

Below is the old post & has info on logwatch --save options
How to:
I am using a central log server which has been stripped from all mail sending capabilities. Even local ones. I would like to know how to set up the logwatch so that I would get similar output in a html report as I have when logwatch is sending out daily report via mail.

Is it possible to add a date to the --save option, so that logwatch output would be automatically stored with the information when it was created?

Solution
 you can use the option --filename to append a date:
# logwatch --output file --filename /tmp/logwatch-$(date +%Y%m%d)

or with your version:
# logwatch --save /tmp/logwatch-$(date +%Y%m%d)




No comments:

Post a Comment